How To Setup Your Own VPN With PPTP on Linux (CentOS, Ubuntu, Debian)

A virtual private network (VPN) is network that extends a private network (i.e. LAN) across a public network, such as the Internet. It enables a communications between computers and devices across shared or public networks as if it were directly connected to the private network, while benefiting from the functionality, security and management policies of the private network.

This is done by establishing a virtual point-to-point connection through the use of dedicated connections, encryption, or a combination of the two. Basically, if two computers are connected through a VPN, they can communicate directly the same way as if they were in local network. Although the two computers could be physically very distant, the other computers on the internet are not able to intercept their communication.

Server side setup and configuration

The most popular VPN solutions are OpenVPN and PPTP. We will use PPTP. Before we proceed and setup our own VPN network, we should have one computer that will be the VPN server. That computer will be responsible for assigning IP addresses to the clients, establishing initial connection between the clients or between client and the server, handling the security protocols and users/clients authentication. In order to install PPTP we will execute the following command:

Next step is to edit the default configuration file /etc/pptpd.conf, using our favourite editor and add the following lines:

localip 172.16.0.1
remoteip 172.16.0.100-200

In this case, 172.16.0.1 is the IP that will be used inside the VPN by the VPN server, and An IP from the range 172.16.0.100-200 will be assigned to each client that will be authenticated.

Now we need to add new users. The file that contains the users and their password is /etc/ppp/chap-secrets. The client should be entered with the following information in the following order:

# client server secret IP addresses

In order to create new client called client1 that will be able to use the pptpd server from any location using the password password1 we should add the following line, in the following case, the asterisk means that anyone IP address can use that login information:

client1 pptpd password1 *

The last thing that we need to do before starting our VPN server is to add DNS server. We can add the DNS servers provided by or internet provider or we can use Google DNS servers and insert them in the file.

ms-dns 8.8.8.8
ms-dns 8.8.4.4

Now we can start the pptpd daemon using the command:

service pptpd start

In order to verify that it is running and listening for incoming connections, we should execute:

Client side setup and configuration

In order for a client computer to be able to connect to our VPN server, we should install the PPTP client using the following command (the first one is for CentOS, the second is for Debian/Ubuntu):

# yum -y install pptp
# apt-get install pptp-linux

The VPN client request the ppp_mppe module, so we need to load it:

# modprobe ppp_mppe

Client configuration should be created in /etc/ppp/peers/ folder. In order to configure the parameters for the server we want to use, we should create the configuration file using our favorite editor and set the following parameters (we are at client1 now):

If our config files in the example above, was named /etc/ppp/peers/vpnserver, then in order to start the client and connect to the VPN server we should execute:

# pppd call vpnserver

After starting the client, check the log files for possible errors or successful connection info using the following command:

# cat /var/log/syslog | grep pptp

We should explicitly set proper routing for the VPN traffic on our clients:

ip route add 172.16.0.0/16 dev ppp0

Once this is done, we can repeat the procedure and add more client and they will all be able to communicate to each other inside secured virtual private network. The computer can communicate using any protocol or service, such as HTTP, SMTP, telnet, MySQL, FTP etc. PPTP server doesn’t demand high usage of CPU resources, but still, all traffic is 128-bit encrypted. This provides decent level of security and protection for our sensitive data and information.